Restricting user access to home directories
I am using Fedora Core 1.0 on my Web server and have installed VSFTPD on it. If I create an account and give it a home directory, (i.e./var/www/test) and try to access FTP with this account, it goes into the directory /var/www/test. However, if after logging into FTP I press the "back" button, it takes me to /var/www folder where the user can see all of the data. How do I restrict the user to access their home directories only?
In order to lock a user into their home directory, you need to look at vsftpd's chroot functionality. You need to edit the /etc/vsftpd/vsftpd.conf configuration file and change chroot_list_enable option to "yes." Then, specify a file called /etc/vsftpd.chroot and add all the users you wish to chroot to this file.
Or, if you wish all users to be chroot'ed, then you can set the chroot_local_user option to "yes." Chrooting an FTP server can be complicated and have some serious security implications. I recommend you read the vsftpd.conf man page carefully.
This was first published in February 2006